# Booting from: FreeBSD-12.1-RELEASE-amd64-disc1.iso
# SHA256: aa9d34b458826486999ed3e872436b6712ae38cede5ea41de4ab923e3419d461
# We will set up a VERY simple test install
# This will have a ZFS mirror (2x16GB disks)
# There will be NO SWAP enabled (the 1 GB freebsd-swap partitions created below are not activated anywhere in this guide)
# Install
# Set keyboard to UK
# Hostname: geli
# No optional system components
# Select shell for disk config
############################################################################################################
# gpart create -s gpt ada0
ada0 created
# gpart create -s gpt ada1
ada1 created
# gpart add -a 4k -t efi -s 200m -l efiboot0 ada0
ada0p1 added
# gpart add -a 1m -t freebsd-swap -s 1g -l swap0 ada0
ada0p2 added
# gpart add -a 1m -t freebsd-zfs -l zfs0 ada0
ada0p3 added
# gpart add -a 4k -t efi -s 200m -l efiboot1 ada1
ada1p1 added
# gpart add -a 1m -t freebsd-swap -s 1g -l swap1 ada1
ada1p2 added
# gpart add -a 1m -t freebsd-zfs -l zfs1 ada1
ada1p3 added
# gpart show
=> 9 444331 cd0 MBR (868M)
9 444331 - free - (868M)
=> 9 444331 iso9660/12_1_RELEASE_AMD64_CD MBR (868M)
9 444331 - free - (868M)
=> 40 33554352 ada0 GPT (16G)
40 409600 1 efi (200M)
409640 2008 - free - (1.0M)
411648 2097152 2 freebsd-swap (1.0G)
2508800 31043584 3 freebsd-zfs (15G)
33552384 2008 - free - (1.0M)
=> 40 33554352 ada1 GPT (16G)
40 409600 1 efi (200M)
409640 2008 - free - (1.0M)
411648 2097152 2 freebsd-swap (1.0G)
2508800 31043584 3 freebsd-zfs (15G)
33552384 2008 - free - (1.0M)
=> 40 33554352 diskid/DISK-VBa57305fa-32e03234 GPT (16G)
40 409600 1 efi (200M)
409640 2008 - free - (1.0M)
411648 2097152 2 freebsd-swap (1.0G)
2508800 31043584 3 freebsd-zfs (15G)
33552384 2008 - free - (1.0M)
=> 40 33554352 diskid/DISK-VBe8261acf-02da3258 GPT (16G)
40 409600 1 efi (200M)
409640 2008 - free - (1.0M)
411648 2097152 2 freebsd-swap (1.0G)
2508800 31043584 3 freebsd-zfs (15G)
33552384 2008 - free - (1.0M)
# newfs_msdos -F 16 -L EFISYS /dev/ada0p1
/dev/ada0p1: 409360 sectors in 25585 FAT16 clusters (8192 bytes/cluster)
BytesPerSec=512 SecPerClust=16 ResSectors=1 FATs=2 RootDirEnts=512 Media=0xf0 FATsecs=100 SecPerTrack=63 Heads=16 HiddenSecs=0 HugeSectors=409600
# mount_msdosfs /dev/ada0p1 /mnt
# mkdir -p /mnt/efi/boot
# cp /boot/loader.efi /mnt/efi/boot/BOOTx64.efi
# echo "BOOTx64.efi" > /mnt/efi/boot/startup.nsh
# umount /mnt
# newfs_msdos -F 16 -L EFISYS /dev/ada1p1
/dev/ada1p1: 409360 sectors in 25585 FAT16 clusters (8192 bytes/cluster)
BytesPerSec=512 SecPerClust=16 ResSectors=1 FATs=2 RootDirEnts=512 Media=0xf0 FATsecs=100 SecPerTrack=63 Heads=16 HiddenSecs=0 HugeSectors=409600
# mount_msdosfs /dev/ada1p1 /mnt
# mkdir -p /mnt/efi/boot
# cp /boot/loader.efi /mnt/efi/boot/BOOTx64.efi
# echo "BOOTx64.efi" > /mnt/efi/boot/startup.nsh
# umount /mnt
# geli init -bg -l 256 /dev/gpt/zfs0
Enter new passphrase:
Reenter new passphrase:
Metadata backup for provider /dev/gpt/zfs0 can be found in /var/backups/gpt_zfs0.eli
and can be restored with the following command:
# geli restore /var/backups/gpt_zfs0.eli /dev/gpt/zfs0
# geli init -bg -l 256 /dev/gpt/zfs1
Enter new passphrase:
Reenter new passphrase:
Metadata backup for provider /dev/gpt/zfs1 can be found in /var/backups/gpt_zfs1.eli
and can be restored with the following command:
# geli restore /var/backups/gpt_zfs1.eli /dev/gpt/zfs1
# geli attach /dev/gpt/zfs0
Enter passphrase:
# geli attach /dev/gpt/zfs1
Enter passphrase:
# zpool create -o altroot=/mnt -O compress=lz4 -O atime=off -m none -f zroot mirror gpt/zfs0.eli gpt/zfs1.eli
# zfs create -o mountpoint=none zroot/ROOT
# zfs create -o mountpoint=/ zroot/ROOT/default
# zfs create -o mountpoint=/tmp -o exec=on -o setuid=off zroot/tmp
# zfs create -o mountpoint=/usr -o canmount=off zroot/usr
# zfs create zroot/usr/home
# zfs create -o setuid=off zroot/usr/ports
# zfs create zroot/usr/src
# zfs create -o mountpoint=/var -o canmount=off zroot/var
# zfs create -o exec=off -o setuid=off zroot/var/audit
# zfs create -o exec=off -o setuid=off zroot/var/crash
# zfs create -o exec=off -o setuid=off zroot/var/log
# zfs create -o atime=on zroot/var/mail
# zfs create -o setuid=off zroot/var/tmp
# zfs set mountpoint=/zroot zroot
# zpool set bootfs=zroot/ROOT/default zroot
# mkdir -p /mnt/boot/zfs/
# zpool set cachefile=/mnt/boot/zfs/zpool.cache zroot
# zfs set canmount=noauto zroot/ROOT/default
# exit
############################################################################################################
# Set root password
# Set up networking
# Disable dumpdev
# Enable all system hardening
# Don't add users
# Exit
# Go into shell
# Enable ZFS in rc.conf:
### zfs_enable=yes
# Set up /boot/loader.conf:
### aesni_load="YES"
### geom_eli_load="YES"
### geom_mirror_load="YES"
### security.bsd.allow_destructive_dtrace=0
### kern.geom.label.disk_ident.enable="0"
### kern.geom.label.gptid.enable="0"
### opensolaris_load="YES"
### zfs_load="YES"
# Reboot without CD
############################################################################################################
############################################################################################################
# Boot system
# Type GELI password (for ada0p3)
# Log into system
# Show zpool status and list geli:
root@geli:~ # zpool status
pool: zroot
state: ONLINE
scan: none requested
config:
NAME STATE READ WRITE CKSUM
zroot ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
ada0p3.eli ONLINE 0 0 0
ada1p3.eli ONLINE 0 0 0
errors: No known data errors
root@geli:~ # geli list
Geom name: ada0p3.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Crypto: hardware
Version: 7
UsedKey: 0
Flags: BOOT, GELIBOOT
KeysAllocated: 30
KeysTotal: 30
Providers:
1. Name: ada0p3.eli
Mediasize: 15894314496 (15G)
Sectorsize: 512
Mode: r1w1e1
Consumers:
1. Name: ada0p3
Mediasize: 15894315008 (15G)
Sectorsize: 512
Stripesize: 0
Stripeoffset: 1284505600
Mode: r1w1e1
Geom name: ada1p3.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Crypto: hardware
Version: 7
UsedKey: 0
Flags: BOOT, GELIBOOT
KeysAllocated: 30
KeysTotal: 30
Providers:
1. Name: ada1p3.eli
Mediasize: 15894314496 (15G)
Sectorsize: 512
Mode: r1w1e1
Consumers:
1. Name: ada1p3
Mediasize: 15894315008 (15G)
Sectorsize: 512
Stripesize: 0
Stripeoffset: 1284505600
Mode: r1w1e1